Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 19-10-2020 Uruchomiony przez dulte (23-10-2020 15:43:48) Uruchomiony z C:\Users\dulte\Downloads\FRST Windows 10 Home Wersja 1909 18363.592 (X64) (2020-10-05 12:21:03) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-3056494953-356578700-1541810083-500 - Administrator - Disabled) dulte (S-1-5-21-3056494953-356578700-1541810083-1001 - Administrator - Enabled) => C:\Users\dulte Gość (S-1-5-21-3056494953-356578700-1541810083-501 - Limited - Disabled) Konto domyślne (S-1-5-21-3056494953-356578700-1541810083-503 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3056494953-356578700-1541810083-504 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09} AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57} FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) µTorrent (HKU\S-1-5-21-3056494953-356578700-1541810083-1001\...\uTorrent) (Version: 3.5.5.45798 - BitTorrent Inc.) 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}) (Version: - Microsoft) Hidden 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}) (Version: - Microsoft) Hidden 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}) (Version: - Microsoft) Hidden 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}) (Version: - Microsoft) Hidden 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}) (Version: - Microsoft) Hidden 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}) (Version: - Microsoft) Hidden 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}) (Version: - Microsoft) Hidden 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}) (Version: - Microsoft) Hidden 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}) (Version: - Microsoft) Hidden 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}) (Version: - Microsoft) Hidden 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-002A-0415-1000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}) (Version: - Microsoft) Hidden 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}) (Version: - Microsoft) Hidden 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}) (Version: - Microsoft) Hidden 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}) (Version: - Microsoft) Hidden 2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}) (Version: - Microsoft) Hidden BootP-DHCP Tool (HKLM-x32\...\{5924C1D0-58C9-4DCB-9863-02576672A7F9}) (Version: 3.03.00 - Rockwell Software) Cisco Webex Meetings (HKU\S-1-5-21-3056494953-356578700-1541810083-1001\...\ActiveTouchMeetingClient) (Version: 40.10.3 - Cisco Webex LLC) FactoryTalk Activation Manager 4.03.03 (HKLM-x32\...\{BD0618E7-613A-4569-8AC7-64BF616A3F7E}) (Version: 4.03.03 - Rockwell Automation, Inc.) FactoryTalk Alarms and Events 6.11.00 (CPR 9 SR 11) (HKLM-x32\...\{A7D22059-3EBF-4762-881E-47373E365476}) (Version: 6.11.00 - Rockwell Automation, Inc.) FactoryTalk Diagnostics 6.11.00 (CPR 9 SR 11) (HKLM-x32\...\{23A74197-1511-4CF7-9991-DBCF81246F96}) (Version: 6.11.00 - Rockwell Automation, Inc.) FactoryTalk Linx 6.11.00 (CPR 9 SR 11.0) (HKLM-x32\...\{7ADED7FB-7E78-43D7-9982-F906DB88B0C3}) (Version: 6.11.00 - Rockwell Automation, Inc.) FactoryTalk Services CPR 9 SR 11.0 (HKLM\...\FactoryTalk Services CPR 9 SR 11.0) (Version: CPR 9 SR 11.0 - Rockwell Automation, Inc.) FactoryTalk Services Platform 6.11.00 (CPR 9 SR 11) (HKLM-x32\...\{3B21630A-FBFF-47A6-B395-FC617A995A54}) (Version: 6.11.00 - Rockwell Automation, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.111 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.) HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.15.0 - HP Inc.) HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.) Malwarebytes version 4.2.1.89 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.1.89 - Malwarebytes) McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R28 - McAfee, LLC) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13231.20390 - Microsoft Corporation) Microsoft 365 - tr-tr (HKLM\...\O365HomePremRetail - tr-tr) (Version: 16.0.13231.20390 - Microsoft Corporation) Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{F89605E4-B8A7-46ED-84E7-6AB7F2CFD9BC}) (Version: 13.1.811.168 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3056494953-356578700-1541810083-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{B9274744-8BAE-4874-8E59-2610919CD419}) (Version: 11.4.7001.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13231.20126 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13231.20200 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13231.20126 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-041F-1000-0000000FF1CE}) (Version: 16.0.13231.20126 - Microsoft Corporation) Hidden OPC .NET API 2.00 Redistributables 106.0 (HKLM-x32\...\{1EF94FD2-2196-48DC-857C-4A19700B0688}) (Version: 2.01.10600 - OPC Foundation) Rockwell Automation Driver Package x64 (HKLM\...\{EBE076DF-9C9D-468F-BFC5-C9B98443D3BE}) (Version: 2.03.00.0003 - Rockwell Automation) Rockwell Windows Firewall Configuration Utility 1.00.12 (HKLM-x32\...\{950877C4-1DD7-456B-9715-C53B29991D75}) (Version: 1.00.12.0003 - Rockwell Automation, Inc.) RSLogix 5000 Module Profile Core (HKLM-x32\...\{DA787F2A-4AD5-42C3-89D3-8E698E552792}) (Version: 4.05.881.0 - Rockwell Software, Inc.) Hidden RSLogix 5000 Module Profile Core System Updates (HKLM-x32\...\{1BF926B1-129B-41FD-B8A4-BD734CBCF886}) (Version: 6.00.1769.0 - Rockwell Automation, Inc.) Hidden RSLogix 5000 Module Profile Core System Updates 1 (HKLM-x32\...\{C08E299E-8C04-4B9D-A0E7-75B176BAC236}) (Version: 8.00.2421.0 - Rockwell Automation, Inc.) Hidden RSLogix 5000 Module Profile Setup Utility (HKLM-x32\...\{D2B06C02-5880-4E65-BF31-B4F32A630FA9}) (Version: 4.05.881.0 - Rockwell Software, Inc.) Hidden RSLogix 5000 System Updates (HKLM-x32\...\{A4EDB3CB-2EBD-413F-82B5-A71BA9550497}) (Version: 20.10.0410 - Rockwell Automation, Inc.) Hidden RSLogix Micro English 8.30.00 (HKLM-x32\...\{0A9CA5C6-732F-4FB1-80B7-97E623B4259B}) (Version: 8.30.00 - Rockwell Automation Inc) WebAdvisor firmy McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.159 - McAfee, LLC) WinRAR 5.91 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH) Packages: ========= Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t [2020-10-06] (Amazon.com) AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\advancedmicrodevicesinc-2.59462344778c5_10.19.10004.0_x64__0a9344xs7nr4m [2020-10-06] (Advanced Micro Devices Inc.) Booking.com EMEA: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comEMEABigsavingso_1.0.0.0_x64__mgae2k3ys4ra0 [2020-10-06] (Priceline Partner Network) Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.1.0_x64__xbfy0k16fey96 [2020-10-06] (Dropbox Inc.) ELAN Touchpad Setting -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTouchpadSetting_11.2.63.0_x64__stws0m115j6hg [2020-10-06] (ELAN Microelectronics Corporation) Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2020-10-06] (HP Inc.) HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.7.195.0_x64__dt26b99r8h8gj [2020-10-06] (Realtek Semiconductor Corp) HP CoolSense -> C:\Program Files\WindowsApps\ad2f1837.hpcoolsense_1.0.6.0_x64__v10z8vjag6ke6 [2020-10-06] (HP Inc.) HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.3.1040.0_x64__v10z8vjag6ke6 [2020-10-06] (HP Inc.) HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\ad2f1837.hppchardwarediagnosticswindows_1.6.1.0_x64__v10z8vjag6ke6 [2020-10-06] (HP Inc.) HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.39.0_x64__v10z8vjag6ke6 [2020-10-06] (HP Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.618.0_x64__v10z8vjag6ke6 [2020-10-06] (HP Inc.) HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.5.353.0_x64__v10z8vjag6ke6 [2020-10-06] (HP Inc.) HP System Event Utility -> C:\Program Files\WindowsApps\ad2f1837.hpsystemeventutility_1.0.44.0_x64__v10z8vjag6ke6 [2020-10-06] (HP Inc.) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe [2020-10-06] (Microsoft Corporation) [MS Ad] McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.13.0_x64__wafk5atnkzcwy [2020-10-06] (McAfee Inc.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-10-15] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-10-15] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.11280.0_x86__8wekyb3d8bbwe [2020-10-06] (Microsoft Studios) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2020-10-06] (Microsoft Corporation) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4df9e0f8.netflix_6.93.478.0_x64__mcm4njqhnhss8 [2020-10-06] (Netflix, Inc.) Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.152.0_x64__kzf8qxf38zg5c [2020-10-06] (Skype) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0 [2020-10-15] (Spotify AB) [Startup Task] ==================== Niestandardowe rejestracje CLSID (filtrowane): ============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217848 2009-02-12] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-10-22] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-10-22] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (filtrowane) ==================== ==================== Skróty & WMI ======================== ==================== Załadowane moduły (filtrowane) ============= 2020-10-15 12:37 - 2020-10-15 12:37 - 000138240 _____ () [Brak podpisu cyfrowego] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\515d852693d98080423eb64fd6ddcc62\Interop.IWshRuntimeLibrary.ni.dll 2020-10-15 12:37 - 2020-10-15 12:37 - 000134656 _____ (hardcodet.net) [Brak podpisu cyfrowego] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\4b5d7867b15600a9d3fe0b6e6d34b91e\Hardcodet.Wpf.TaskbarNotification.ni.dll 2020-08-17 20:57 - 2020-08-17 20:57 - 000015360 _____ (HP Inc.) [Brak podpisu cyfrowego] C:\Program Files\WindowsApps\ad2f1837.hpsystemeventutility_1.0.44.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL 2020-10-15 12:37 - 2020-10-15 12:37 - 001701888 _____ (Mark Heath & Contributors) [Brak podpisu cyfrowego] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\0d9db1b5b5856ea2179f5319bd591812\NAudio.ni.dll 2020-10-15 12:37 - 2020-10-15 12:37 - 003060736 _____ (Newtonsoft) [Brak podpisu cyfrowego] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\70c55744996e9e4021e0dba25a1cf469\Newtonsoft.Json.ni.dll 2018-07-05 09:12 - 2018-07-05 09:12 - 001229312 _____ (Robert Simpson, et al.) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Program Files (x86)\Rockwell Software\RSCommon\System.Data.SQLite.dll 2020-10-15 12:37 - 2020-10-15 12:37 - 000793088 _____ (The Apache Software Foundation) [Brak podpisu cyfrowego] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\3df7e4e713b5a24ccb84efc25d626d39\log4net.ni.dll ==================== Alternate Data Streams (filtrowane) ======== (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\Windows:CM_89c07002dadf5991f79468c90f37e2533d020b70e8e1912a4856e84326c08211 [74] AlternateDataStreams: C:\Windows:CM_9857127c368ba16c1f274bd4bf1d16fff75f690c8aae941604d58b4b7d00c937 [18] ==================== Tryb awaryjny (filtrowane) ================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service" ==================== Powiązania plików (filtrowane) ================= ==================== Internet Explorer (filtrowane) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=HCTE HKU\S-1-5-21-3056494953-356578700-1541810083-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=HCTE HKU\S-1-5-21-3056494953-356578700-1541810083-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> {54E8D67D-7296-4C93-9E28-E4BA131B0A28} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {54E8D67D-7296-4C93-9E28-E4BA131B0A28} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3056494953-356578700-1541810083-1001 -> {54E8D67D-7296-4C93-9E28-E4BA131B0A28} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms} BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-10-17] (McAfee, LLC -> McAfee, LLC) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-10-21] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-10-17] (McAfee, LLC -> McAfee, LLC) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-21] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-21] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-21] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-21] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-21] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-21] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-21] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-21] (Microsoft Corporation -> Microsoft Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC) ==================== Hosts - zawartość: ========================= (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Inne obszary =========================== (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-3056494953-356578700-1541810083-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg DNS Servers: 178.214.0.16 - 178.214.0.14 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == ==================== Reguły Zapory systemu Windows (filtrowane) ================ (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Punkty Przywracania systemu ========================= 17-10-2020 14:44:18 Zaplanowany punkt kontrolny ==================== Wadliwe urządzenia w Menedżerze urządzeń ============ ==================== Błędy w Dzienniku zdarzeń: ======================== Dziennik Aplikacja: ================== Error: (10/23/2020 03:37:44 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: LAPTOP-JV53B55O) Description: HRESULT:0x8004FF6F Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. For more information on the differences and improvements, see online Help. Error code:0x8004FF6F. Error: (10/23/2020 03:20:15 PM) (Source: SecurityCenter) (EventID: 19) (User: ) Description: Usługa Centrum zabezpieczeń Windows nie mogła załadować wystąpień programu AntiVirusProduct z magazynu danych. Error: (10/23/2020 03:20:15 PM) (Source: SecurityCenter) (EventID: 18) (User: ) Description: Usługa Centrum zabezpieczeń Windows nie mogła załadować wystąpień programu FirewallProduct z magazynu danych. Error: (10/23/2020 03:18:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: ActivationNotifier.exe, wersja: 4.3.3.1, sygnatura czasowa: 0x5b9909f5 Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 10.0.18362.535, sygnatura czasowa: 0x5bd9df62 Kod wyjątku: 0xe0434352 Przesunięcie błędu: 0x001135d2 Identyfikator procesu powodującego błąd: 0x35b0 Godzina uruchomienia aplikacji powodującej błąd: 0x01d6a93f0614ee7a Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\ActivationNotifier.exe Ścieżka modułu powodującego błąd: C:\WINDOWS\System32\KERNELBASE.dll Identyfikator raportu: 0028e935-b375-4b51-81a9-c93264c0a65e Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (10/23/2020 03:18:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Aplikacja: ActivationNotifier.exe Wersja architektury: v4.0.30319 Opis: proces został przerwany z powodu nieobsłużonego wyjątku. Informacje o wyjątku: System.IO.FileNotFoundException w RockwellAutomation.FactoryTalk.FTACore.Adapters.AdapterCM..ctor() w RockwellAutomation.FactoryTalk.FTACore.Model..ctor(Boolean) w RockwellAutomation.ActivationNotifier.MainWindow..ctor() Informacje o wyjątku: System.Windows.Markup.XamlParseException w System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri) w System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri) w System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean) w System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext) w System.Windows.Application.LoadComponent(System.Uri, Boolean) w System.Windows.Application.DoStartup() w System.Windows.Application.<.ctor>b__1_0(System.Object) w System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) w System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) w System.Windows.Threading.DispatcherOperation.InvokeImpl() w System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) w MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object) w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) w MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object) w System.Windows.Threading.DispatcherOperation.Invoke() w System.Windows.Threading.Dispatcher.ProcessQueue() w System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) w MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) w MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) w System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) w System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) w System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) w MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) w MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) w System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) w System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) w System.Windows.Application.RunDispatcher(System.Object) w System.Windows.Application.RunInternal(System.Windows.Window) w System.Windows.Application.Run(System.Windows.Window) w RockwellAutomation.ActivationNotifier.App.Main() Error: (10/23/2020 03:17:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: FTActivationBoost.exe, wersja: 4.3.3.1, sygnatura czasowa: 0x5b9905aa Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 10.0.18362.535, sygnatura czasowa: 0x5bd9df62 Kod wyjątku: 0xe0434352 Przesunięcie błędu: 0x001135d2 Identyfikator procesu powodującego błąd: 0x13a4 Godzina uruchomienia aplikacji powodującej błąd: 0x01d6a93eec3c0a24 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe Ścieżka modułu powodującego błąd: C:\WINDOWS\System32\KERNELBASE.dll Identyfikator raportu: b5847028-390f-43ce-9d42-fed5e86ffb57 Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (10/23/2020 03:17:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Aplikacja: FTActivationBoost.exe Wersja architektury: v4.0.30319 Opis: proces został przerwany z powodu nieobsłużonego wyjątku. Informacje o wyjątku: System.IO.FileNotFoundException w RockwellAutomation.FactoryTalk.FTActivationBoost.DongleWatcher..ctor(RockwellAutomation.FactoryTalk.FTActivationBoost.ITrace, RockwellAutomation.FactoryTalk.FTActivationBoost.IRegistryOp) w RockwellAutomation.FactoryTalk.FTActivationBoost.BoostController..ctor(RockwellAutomation.FactoryTalk.FTActivationBoost.ITrace) w RockwellAutomation.FactoryTalk.FTActivationBoost.FTActivationBoost..ctor(RockwellAutomation.FactoryTalk.FTActivationBoost.ITrace) w RockwellAutomation.FactoryTalk.FTActivationBoost.Program.Main(System.String[]) Error: (10/23/2020 03:08:14 PM) (Source: SecurityCenter) (EventID: 19) (User: ) Description: Usługa Centrum zabezpieczeń Windows nie mogła załadować wystąpień programu AntiVirusProduct z magazynu danych. Dziennik System: ============= Error: (10/23/2020 03:20:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (10/23/2020 03:20:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (85000 ms) podczas oczekiwania na połączenie się z usługą Usługa Google Update (gupdate). Error: (10/23/2020 03:18:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi FTActivationBoost z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (10/23/2020 03:18:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (85000 ms) podczas oczekiwania na połączenie się z usługą FTActivationBoost. Error: (10/23/2020 03:08:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (10/23/2020 03:08:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (85000 ms) podczas oczekiwania na połączenie się z usługą Usługa Google Update (gupdate). Error: (10/23/2020 03:06:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi FTActivationBoost z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (10/23/2020 03:06:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (85000 ms) podczas oczekiwania na połączenie się z usługą FTActivationBoost. CodeIntegrity: =================================== Date: 2020-10-23 15:22:44.869 Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2020-10-23 15:21:15.638 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-23 15:21:15.628 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-23 15:21:15.618 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-23 15:21:15.607 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-23 15:21:15.595 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-23 15:21:15.583 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-23 15:21:15.569 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements. ==================== Statystyki pamięci =========================== BIOS: AMI F.45 06/30/2020 Płyta główna: HP 8615 Procesor: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx Procent pamięci w użyciu: 77% Całkowita pamięć fizyczna: 6057.66 MB Dostępna pamięć fizyczna: 1378.34 MB Całkowita pamięć wirtualna: 7913.66 MB Dostępna pamięć wirtualna: 1089.02 MB ==================== Dyski ================================ Drive c: (Windows) (Fixed) (Total:476.17 GB) (Free:409.01 GB) NTFS Drive d: (DATA) (Removable) (Total:14.99 GB) (Free:6.46 GB) FAT32 \\?\Volume{bb54e866-45b8-43b8-87ec-7c90e7df6761}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS \\?\Volume{ac43a56f-6d36-40bf-b644-201fbc8c552c}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32 ==================== MBR & Tablica partycji ==================== ========================================================== Disk: 0 (Size: 476.9 GB) (Disk ID: 6B44C264) Partition: GPT. ========================================================== Disk: 1 (Size: 15 GB) (Disk ID: DC3E874B) Partition 1: (Not Active) - (Size=15 GB) - (Type=0B) ==================== Koniec Addition.txt =======================